BACKGROUND OF THE INVENTION

Field of the Invention 

The present invention relates to the field of encryption. Specifically, the present
invention relates to creating and executing secure, i.e., encrypted, scripts by a world wide
web-enabled application.



Description of the Related Art 

Present World Wide Web browsers, such as Internet Explorer, available from Microsoft
Corporation, are limited by the constraints of the HyperText Mark-Up Language (HTML). Web
content based on HTML comprises static, two dimensional text and graphics. A scripting
language, such as JavaScript (a cross-platform, object-based scripting language for client and
server applications developed by Netscape Communications, Inc.), extends a Web browser's
capabilities. A scripting language allows access to objects within the browser and supports
execution of Web applications. A script, written in a scripting language, typically has access to
browser objects in an HTML document or page, and is capable of modifying variables in the
HTML document. Thus, the script extends the capabilities of HTML processing without
requiring interaction with a HyperText Transfer Protocol (HTTP) server. The script typically is
downloaded by the browser as part of an HTML page and is processed as the page is received, or
when a browser event occurs, such as the click of a button on the HTML page.

A script differs from an applet. Although an applet also is downloaded as part of a Web
page and run on a client system, the applet stands alone, that is, it is not part of the browser
application, just as an application program, such as a word processor application, is not part of
an operating system.

In addition to scripts and applets, controls enhance Web browsers. For example, ActiveX
controls are interactive objects in a Web page that provide interactive and user-controllable
functions. ActiveX controls are part of a set of technologies available from Microsoft
Corporation, based on a refinement of the well known COM standard, that is directed to enabling
interactive content for Web pages. ActiveX currently is supported by the Microsoft Windows
operating system, but will be supported on other platforms, such as the Macintosh platform
available from Apple Computer, and UNIX platforms.

Without sufficient security mechanisms in place, it is possible to download a Web page
that contains controls that launch an application that causes harm or unintended results, e.g., to
the client system. Furthermore, if the controls are not secure, the provider of a Web site risks
attack by computer hackers, and is vulnerable to software bugs.



BRIEF SUMMARY OF THE INVENTION 
The invention provides a method for creating a secure script. Executable commands in
the script are hashed, and the hashed values for the commands are encrypted and appended to the
script.



BRIEF DESCRIPTION OF THE DRAWINGS 
The present invention is illustrated by way of example and not limitation in the following
figures. Like references indicate similar elements, in which:



Fig. 1 is a flow chart illustrating an embodiment of the invention. 
Fig. 2 is a flow chart illustrating an embodiment of the invention. 

DETAILED DESCRIPTION OF THE INVENTION
An embodiment of the present invention enables Web pages to execute software
applications on a client system, e.g., a personal computer (PC), in a secure manner using a signed
control, and a signed and encrypted script. Embodiments of the invention may be represented as
a software product received over, and/or stored on, a machine-readable medium (also referred to
as a computer-readable medium or a processor-readable medium). The machine-readable
medium may be any type of magnetic, optical, or electrical storage medium including a diskette,
CD-ROM, memory device (volatile or non-volatile), or similar storage mechanism. Moreover,
the machine-readable medium may be accessed at a server by a client via a network connection
between the client and server, for example, in a client/server computing environment. The
machine-readable medium may contain various sets of instructions, code sequences,
configuration information, or other data. For example, the procedures described herein can be
stored on the machine-readable medium. Those of ordinary skill in the art will appreciate that
other instructions and operations necessary to implement the described invention may also be
stored on the machine-readable medium.

In one embodiment of the invention, a script in a World Wide Web page ("Web page",
"Web document", or "HyperText Markup Language (HTML) document") is hashed and
encrypted. A control in the Web page, such as ActiveX, decrypts and hashes the script to verify
the script has not been altered or tampered with, before executing or causing to execute the
script. In this manner, one can serve to a client web pages that contain interactive content or that
execute local applications in a secure fashion. The described embodiment involves a script that
may be invoked by a Web browser application, or more particularly, by a control in a Web page
downloaded by the Web browser application. However, it should be noted that any application
or software program can benefit from the present invention to protect against malicious
modification of, or hacking to, a script or the like.

With reference to Fig. 1, the process starts at 110 with hashing the commands in the
script. The script is written in a scripting language, such as JavaScript, and comprises executable
commands to cause the client system upon which the script is executed to perform some
function. The function may be defragmenting a hard disk drive accessible by the system upon
which the script is executed, or providing interactive content in a Web page downloaded to a
client system, e.g., online tutorial or help. Insofar as an embodiment of the present invention is
concerned, the content of the script is less important than preventing unauthorized control of the
script or unauthorized alteration of the script content.

Any well known or proprietary hashing function may be utilized to compute a hashed
value for each executable command in the script. Each executable command is provided at 105
as the key value input to the hashing function, from which the hashing function computes a
hashed value corresponding to the executable command. In one embodiment of the invention,
each executable command may be hashed, while in other embodiments of the invention, some
number of executable commands, e.g., one or more but less than all of the executable commands,
may be hashed. In one embodiment of the invention, the hashing function utilizes public key A
that is tied to the script, as described below, thus making it highly unlikely that the script was
authored or edited by an unauthorized individual without access to the corresponding private
key.

At 120, each hashed value is encrypted using well known asymmetric, i.e., public, key
cryptography techniques. For example, each hashed value is encrypted using private key A 106.
This process is also referred to in cryptography as creating a public key digital signature. Public
key digital signatures provide a way to prove that the signed data was signed by one who had a
copy of a particular private key, in this case, private key A.

The signed hashed values for the executable commands are embedded or appended to the
script at 130. Alternatively, the hashed values may first be appended to the script and then
signed. A public key A corresponding to the private key A may be appended to the script as
well, or obtained from the public key authentication infrastructure, e.g., a certification authority.
(A public file known as a certificate is issued by the certification authority and contains an
entity's public key, identifying information, and a signature provided by the certification
authority). At 140, the script, including the signed hashed values and public key, if present, may
be encrypted using a symmetric key 107 to provide a second level of encryption. The encryption
is not necessary for protection of the script, but hides the public key, if included in the script.

In a Web-enabled application, the script, encrypted or not as the case may be, is
converted as appropriate for inclusion in a Web page. The public key A 108 corresponding to
the private key A 106 is provided to a control, i.e., an interactive object that provides interactive
and user-controllable functions, in the Web page. In one embodiment of the invention, the Web
page utilizes an ActiveX control from Microsoft Corporation. The control is also signed at 160, to
hide public key A provided therein at 150. The control is signed using a different private key,
key B provided at 109. The script is ready for the execution process upon activation of the control
by, e.g., a Java applet or a user clicking a button on the Web page.

The process of securely executing the script is now described with reference to Fig. 2. In
one embodiment of the invention, a user running a Web browser application visits a Web site
and downloads a Web page containing interactive content. The user activates a control in the
Web page, for example, by clicking on an applet. Recall from the above discussion that the
control is signed at 160 with a public key digital signature using private key B 109. Thus, at 210,
the signature is verified using public key B 205. Verification is accomplished by decrypting the
signed control with public key B. If any change has occurred to either the control or the
signature, it will be detected at 210. At 220, the script is decrypted with symmetric key 107.
(Symmetric key encryption requires only one key that is shared by the encryption process and
decryption process). Of course, the decryption is necessary only if the script was
correspondingly encrypted at 140.

At 230, the executable commands in the script are hashed, using the same hashing
function utilized at 110. The hashed commands that were encrypted and appended to the script
at 120 and 130, respectively, are now decrypted at 240, using public key A, which was provided
to the control at 150. The decrypted hashed commands are compared at 250 with the commands
hashed at 230. If no changes in the script occurred between hashing and encrypting at 110 and
120, and hashing and decrypting at 230 and 240, the decrypted hashed commands obtained at
240 should be identical to the hashed commands obtained at 230, and the script may begin
execution at 260. If, on the other hand, the commands hashed at 230 are not the same as the
hashed commands decrypted at 240, the user is cautioned or warned, for example, by displaying
a message in a pop up window or the like in a display screen for the client system. The user
may, according to one embodiment of the invention, select to proceed with execution of the
script. This is useful, for example, if a new version of the script is released, in which case
hashed values for the commands in the old version of the script will not match the hashed values
for the commands in the new version.

In one embodiment of the invention, the decrypted hashed commands are maintained so
that a comparison between hashed command values and decrypted hashed command values may
be performed before every execution of the script. Alternatively, a comparison is performed
between execution of each command, to ensure there is no dynamic modification of the script or
particular commands in the script. In each case, the user is warned as appropriate. In this
manner, verification of the source and integrity of a script in an application, such as may be in a
Web page, is accomplished.
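
The creation steps (110 to 130) and the verification steps (230 to 250) described above, as an added JavaScript (Node.js) example that is not part of the patent text. Assumptions: one executable command per non-empty line, SHA-256 as the hashing function, Ed25519 for key pair A, and a hypothetical "//#sig " trailer line per command; the command index and count are also mixed into each hash, which goes beyond the text, so that a signed hash cannot be reused at another position.

```javascript
// Added example, not code from the patent. Assumptions: one command per
// non-empty line, SHA-256 as the hash, Ed25519 as the signature, and a
// hypothetical "//#sig " trailer line per command.
const crypto = require('crypto');

const MARKER = '//#sig ';

// Separate the executable commands from the appended signed hashes.
function splitSigned(text) {
  const lines = text.split('\n').map((l) => l.trim()).filter((l) => l !== '');
  return {
    commands: lines.filter((l) => !l.startsWith(MARKER)),
    signatures: lines.filter((l) => l.startsWith(MARKER))
      .map((l) => Buffer.from(l.slice(MARKER.length), 'base64')),
  };
}

// Hash one command. The index and command count are mixed in (an addition
// beyond the text) so a signature cannot be reused at another position.
function hashCommand(cmd, index, total) {
  return crypto.createHash('sha256')
    .update(`${index}/${total}\n${cmd}`, 'utf8')
    .digest();
}

// Creation side (110-130): hash each command, sign each hash with private
// key A, append the signed hashes to the script.
function signScript(script, privateKeyA) {
  const { commands } = splitSigned(script);
  const trailer = commands.map((cmd, i) => {
    const digest = hashCommand(cmd, i, commands.length);
    return MARKER + crypto.sign(null, digest, privateKeyA).toString('base64');
  });
  return commands.concat(trailer).join('\n');
}

// Execution side (230-250): re-hash each command and check it against the
// appended signed hash using public key A. crypto.verify() performs the
// "decrypt and compare" step of the text in one call.
function verifyScript(signed, publicKeyA) {
  const { commands, signatures } = splitSigned(signed);
  if (commands.length === 0 || commands.length !== signatures.length) {
    return { ok: false, failed: commands.map((_, i) => i) };
  }
  const failed = [];
  commands.forEach((cmd, i) => {
    const digest = hashCommand(cmd, i, commands.length);
    if (!crypto.verify(null, digest, publicKeyA, signatures[i])) failed.push(i);
  });
  return { ok: failed.length === 0, failed };
}

// Constructed sample script and a freshly generated key pair "A".
const keyA = crypto.generateKeyPairSync('ed25519');
const SAMPLE = 'var target = "C:";\nstartDefrag(target);\nshowStatus("done");';
const SIGNED = signScript(SAMPLE, keyA.privateKey);

// One command changed after signing: only that command fails the check.
const TAMPERED = SIGNED.replace('startDefrag(target);', 'startDefrag("D:");');

console.log(verifyScript(SIGNED, keyA.publicKey));
console.log(verifyScript(TAMPERED, keyA.publicKey));
```

The list of failing command indices is what a control would use to decide between executing at 260 and warning the user.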



Attorney Docket No.: 42390.P6098 






CLAIMS 



What is claimed is: 

1. A method for creating a secure script, comprising: 

a) generating a hashed value for at least one executable command in the script; 

b) signing the hashed value to create a signed hashed value; and 

c) appending the signed hashed value to the script. 

2. The method of claim 1, wherein generating a hashed value for at least one executable 
command in the script comprises providing the executable command as a key value that is input 
to a mathematical function, computing the mathematical function, and providing as output from 
the mathematical function the hashed value. 

3. The method of claim 1, wherein signing the hashed value to create a signed hashed value 
comprises encrypting the hashed value. 

4. The method of claim 3, wherein encrypting the hashed value comprises encrypting the hashed 
value using a cryptographic key. 

5. The method of claim 4, wherein encrypting the hashed value using a cryptographic key 
comprises encrypting the hashed value using a public encryption private key. 

6. The method of claim 5, wherein the script is a component in a World Wide Web document
downloaded from a HyperText Transfer Protocol server to a client for execution thereon.

7. The method of claim 1, further comprising encrypting the script, including the signed hashed 
value appended to the script to create an encrypted script. 

8. The method of claim 7, wherein encrypting the script comprises encrypting the script using a 
symmetric encryption key. 

9. A method for securing a script, comprising: 

a) computing a hashed value for each executable command in a script; 

b) encrypting the hashed value for each executable command in the script; and 

c) appending to the script the encrypted hashed values for each executable command. 

10. The method of claim 9, wherein encrypting the hashed value for each executable command 
in the script comprises encrypting the hashed value for each executable command with a public 
encryption private key. 

11. The method of claim 10, further comprising signing a control program, comprising the script 
and a public key corresponding to the private key, to keep hidden the public key. 

12. The method of claim 11, wherein signing the control program comprises encrypting the
control program using a second public encryption private key.

13. The method of claim 12, wherein the control program is an ActiveX control in an application
program.

14. The method of claim 13, wherein the ActiveX control is in a HyperText Markup Language 
(HTML) document. 

15. The method of claim 14, wherein the HTML document is downloaded from a HyperText 
Transfer Protocol (HTTP) server to a HTTP client. 

16. A method for executing a script, comprising: 

a) computing a hashed value for each executable command in a script; 

b) decrypting an encrypted hashed value appended to the script for each executable command in 
the script to obtain a decrypted hashed value for each executable command in the script; 

c) comparing the computed hashed value for each executable command in the script with the 
corresponding decrypted hashed value for each executable command in the script; and 

d) executing the executable commands in the script if the computed hashed values for the 
executable commands in the script are the same as the corresponding decrypted hashed values 
appended to the script for the executable commands. 

17. The method of claim 16, wherein the script is an encrypted script, further comprising 
decrypting the encrypted script with a symmetric encryption key to obtain the script. 

18. The method of claim 16, first comprising verifying a public key cryptography signature
associated with a control program comprising the script.

19. The method of claim 16, further comprising repeating a and c each execution of the 
executable commands in the script to prevent dynamic modification to the script. 

20. The method of claim 16, wherein the script is in a HyperText Markup Language (HTML) 
document. 

21. The method of claim 20, wherein the HTML document is downloaded to a Hypertext
Transfer Protocol (HTTP) client from a HTTP server.

22. The method of claim 21 performed by an ActiveX control in the HTML document. 

23. An article of manufacture comprising a machine accessible medium providing a plurality of 
machine readable instructions, wherein the instructions, when executed by a processor, cause the 
processor to: 

a) compute a hashed value for each executable command in a script; 

b) encrypt the hashed value for each executable command in the script; and 

c) append to the script the encrypted hashed values for each executable command. 

24. An article of manufacture comprising a machine accessible medium providing a plurality of
machine readable instructions, wherein the instructions, when executed by a processor, cause the
processor to:

a) compute a hashed value for each executable command in a script; 

b) decrypt an encrypted hashed value appended to the script for each executable command in the 
script to obtain a decrypted hashed value for each executable command in the script; 

c) compare the computed hashed value for each executable command in the script with the 
corresponding decrypted hashed value for each executable command in the script; and 

d) execute the executable commands in the script if the computed hashed values for the 
executable commands in the script are the same as the corresponding decrypted hashed values 
appended to the script for the executable commands. 

25. An apparatus, comprising: 

means for computing a hashed value for each executable command in a script; 
means for encrypting the hashed value for each executable command in the script; and 
means for appending to the script the encrypted hashed values for each executable command. 

26. An apparatus, comprising: 

means for computing a hashed value for each executable command in a script; 

means for decrypting an encrypted hashed value appended to the script for each executable
command in the script to obtain a decrypted hashed value for each executable command in the
script;

means for comparing the computed hashed value for each executable command in the script with
the corresponding decrypted hashed value for each executable command in the script; and

means for executing the executable commands in the script if the computed hashed values for the
executable commands in the script are the same as the corresponding decrypted hashed values
appended to the script for the executable commands.

ABSTRACT OF THE DISCLOSURE
A method and apparatus for creating a secure script. Executable commands in the script are
hashed, and the hashed values for the commands are encrypted and appended to the script.
Before executing the script, a hashed value for each executable command in a script is computed
and the encrypted hashed value appended to the script for each executable command in the script
is decrypted to obtain a decrypted hashed value for each executable command in the script.
The hashed value and the decrypted hashed value for each executable command are compared,
and if the values are the same, the command is executed.

Thomas Faatz, Reg No. 39,973; Sean Fitzgerald, Reg. No. 32,027; John N Greaves, Reg. No. 40,362; Seth Z.
Kalson, Reg. No. 40,670; David J. Kaplan, Reg. No. 41,105; Charles A. Mirho, Reg. No. 41,199; Leo V. 
Novakoski, Reg. No. 37,198; Naomi Obinata, Reg. No. 39,320; Thomas C. Reynolds, Reg. No. 32,488; Kenneth M. 
Seddon, Reg. No. 43,105; Mark Seeley, Reg. No. 32,299; Steven P. Skabrat, Reg. No. 36,279; Howard A. Skaist, 
Reg. No. 36,008; Steven C. Stewart, Reg. No. 33,555; Raymond J. Werner, Reg. No. 34,752; Robert G. Winkle, 
Reg. No. 37,474; and Charles K. Young, Reg. No. 39,435; my patent attorneys, and Thomas Raleigh Lane, Reg. No. 
42,781; Calvin E. Wells; Reg. No. P43,256, Peter Lam, Reg. No. P44,855; and Gene I. Su, Reg. No. 45,140; my 
patent agents, of INTEL CORPORATION; and James R. Thein, Reg. No. 31,710, my patent attorney; with full 
power of substitution and revocation, to prosecute this application and to transact all business in the Patent and 
Trademark Office connected herewith. 



Send correspondence to Gregory D. Caldwell, BLAKELY, SOKOLOFF, TAYLOR
& ZAFMAN LLP, 12400 Wilshire Boulevard 7th Floor, Los Angeles, California 90025
and direct telephone calls to Gregory D. Caldwell, (503) 684-6200.

I hereby declare that all statements made herein of my own knowledge are true and that all
statements made on information and belief are believed to be true; and further that these
statements were made with the knowledge that willful false statements and the like so made
are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the
United States Code and that such willful false statements may jeopardize the validity of the
application or any patent issued thereon.

Full Name of Sole/First Inventor: Rodney A. Korn

Inventor's Signature: Date:

Residence (City, State): Redmond, Washington
Citizenship (Country): United States

Post Office Address: 15127 NE 24th street, PMB 400; Redmond, Washington 98052